Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Fix IPv6 records for npm #4163

Closed
2 tasks done
EduApps-CDG opened this issue Dec 11, 2021 · 73 comments
Closed
2 tasks done

[BUG] Fix IPv6 records for npm #4163

EduApps-CDG opened this issue Dec 11, 2021 · 73 comments
Labels
Bug thing that needs fixing Needs Triage needs review for next steps Release 8.x work is associated with a specific npm 8 release

Comments

@EduApps-CDG
Copy link

EduApps-CDG commented Dec 11, 2021

Is there an existing issue for this?

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

I'm trying to install natural package, but npm freezes in sill idealTree buildDeps (Not the same behavior as #3257, so I suppose it's another bug). After some minutes it returns ETIMEDOUT.

image

Expected Behavior

npm should install the package (it's also unable to update npm itself).

Steps To Reproduce

  1. Start a empty project
  2. Run npm i [any package]
  3. See error similar to this:
npm ERR! code ETIMEDOUT
npm ERR! syscall connect
npm ERR! errno ETIMEDOUT
npm ERR! network request to https://registry.npmjs.org/natural failed, reason: connect ETIMEDOUT 2606:4700::6810:1223:443
npm ERR! network This is a problem related to network connectivity.
npm ERR! network In most cases you are behind a proxy or have bad network settings.
npm ERR! network 
npm ERR! network If you are behind a proxy, please make sure that the
npm ERR! network 'proxy' config is set properly.  See: 'npm help config'

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/eduardo/.npm/_logs/2021-12-11T07_56_48_769Z-debug.log

Environment

  • npm: 7.19.1 (OK), 8.0.0 (Not OK), 8.1.4 (Not OK), 8.3.0 (Not OK)
  • Node: 17.0.1, 17.2.0 (npm 8.1.4)
  • OS: Ubuntu 21.10
  • platform: Intel X64 Notebook
  • npm config:
; "user" config from /home/eduardo/.npmrc

@EduApps-CDG:registry = "https://npm.pkg.github.com/" 
; npm.pkg.github.com/:_authToken = (protected) 
; registry.npmjs.org/:_authToken = (protected) 
registry = "https://registry.npmjs.org/" 

; node bin location = /home/eduardo/.nvm/versions/node/v17.0.1/bin/node
; cwd = /home/eduardo/proj/DescicloBot/ai
; HOME = /home/eduardo
; Run `npm config ls -l` to show all defaults.
@EduApps-CDG EduApps-CDG added Bug thing that needs fixing Needs Triage needs review for next steps Release 8.x work is associated with a specific npm 8 release labels Dec 11, 2021
@EduApps-CDG
Copy link
Author

I'm not in a proxy and websocket connections are okay in web browsers

@EduApps-CDG EduApps-CDG changed the title [BUG] ETIMEDOUT executing npm instals [BUG] ETIMEDOUT executing npm installs Dec 11, 2021
@EduApps-CDG
Copy link
Author

npm ping does the exact same thing

@EduApps-CDG
Copy link
Author

deleted .npm folder, the exact same happens (and does not search for updates in 8.1.4)

@EduApps-CDG
Copy link
Author

EduApps-CDG commented Dec 11, 2021

Everything fine on a Google Colab machine (outdated versions). But I still have the issue can someone help me?

I can't figure out why it works on 7.18 and not in 8.X.

Reinstalled npm, same problem (this happens with yarn too)

@EduApps-CDG
Copy link
Author

EduApps-CDG commented Dec 12, 2021

Important Update:

Installed latest LTS version of node with npm@8.1.2 and npm@8.3.0 and everything is working fine, I think it's not an npm bug now, but a node bug. See nodejs/node#41145

@Trott
Copy link
Contributor

Trott commented Dec 12, 2021

I see that registry.npmjs.com is advertising IPv6 addresses in DNS. I'm guessing that they are only serving over IPv4 and the problem you are seeing is due to a breaking change in Node.js 17.0.0's dns module.

If I'm right about this, the thing to do would be to either enable the registry to serve over IPv6 or else do not advertise the DNS records over IPv6.

@aduh95 @richardlau

@Trott
Copy link
Contributor

Trott commented Dec 12, 2021

I see that registry.npmjs.com is advertising IPv6 addresses in DNS. I'm guessing that they are only serving over IPv4 and the problem you are seeing is due to a breaking change in Node.js 17.0.0's dns module.

If I'm right about this, the thing to do would be to either enable the registry to serve over IPv6 or else do not advertise the DNS records over IPv6.

@aduh95 @richardlau

nodejs/build#2822

@Trott
Copy link
Contributor

Trott commented Dec 12, 2021

Oops, sorry for the ping, @aduh95. I thought it was you that made the change, but I see it wasn't.

Refs: nodejs/node#39987

@EduApps-CDG
Copy link
Author

I'm back, It looks like there is something wrong with npm registry domain:
image
image

@EduApps-CDG EduApps-CDG changed the title [BUG] ETIMEDOUT executing npm installs [BUG] Fix IPv6 records from Brazil Dec 13, 2021
@EduApps-CDG
Copy link
Author

EduApps-CDG commented Dec 13, 2021

After running some tests at nodejs/node#41145, I think the problem now is npm registry's ipv6 record.

@EduApps-CDG EduApps-CDG changed the title [BUG] Fix IPv6 records from Brazil [BUG] Fix IPv6 records for npm Dec 13, 2021
@lumaxis
Copy link
Contributor

lumaxis commented Dec 13, 2021

Hey @EduApps-CDG! I work on the npm registry team and just had a look at this. It seems like your DNS resolves to 2606:4700::6810:1223 which is valid entry in our DNS record.

It appears however, that somehow, you're not able to connect to that IP address. When I manually pin my local curl to resolve to this IP address however, it does work without problems. This leads me to believe that this is a local routing problem, either with your ISP or some part of their backbone infrastructure.

❯ curl -v -6 https://registry.npmjs.org --resolve registry.npmjs.org:443:2606:4700::6810:1323
* Added registry.npmjs.org:443:2606:4700::6810:1323 to DNS cache
* Hostname registry.npmjs.org was found in DNS cache
*   Trying 2606:4700::6810:1323:443...
* Connected to registry.npmjs.org (2606:4700::6810:1323) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Aug 18 00:00:00 2021 GMT
*  expire date: Aug 17 23:59:59 2022 GMT
*  subjectAltName: host "registry.npmjs.org" matched cert's "*.npmjs.org"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x15500ca00)
> GET / HTTP/2
> Host: registry.npmjs.org
> user-agent: curl/7.77.0
> accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
< date: Mon, 13 Dec 2021 23:33:21 GMT
< content-type: application/json
< cf-ray: 6bd2ff38fd406931-FRA
< cache-control: must-revalidate
< strict-transport-security: max-age=2592000000; includeSubDomains; preload;
< vary: Accept-Encoding
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< server: cloudflare
<
* Connection #0 to host registry.npmjs.org left intact
{"db_name":"registry","engine":"couch_bt_engine","doc_count":2562809,"doc_del_count":334,"update_seq":12122919,"purge_seq":0,"compact_running":false,"sizes":{"active":68374523314,"external":152661465294,"file":69647919115},"disk_size":69647919115,"data_size":68374523314,"other":{"data_size":152661465294},"instance_start_time":"1639385342006465","disk_format_version":7,"committed_update_seq":12122918,"compacted_seq":12078594,"uuid":"964c127ddcbbd59982db296a0f9e8a56"}%

@EduApps-CDG
Copy link
Author

EduApps-CDG commented Dec 14, 2021 via email

@EduApps-CDG
Copy link
Author

By the way, If that's the issue, how can I check if it's true?

@EduApps-CDG
Copy link
Author

I asked for people in my country to see if they have the same problem:
image

@lumaxis
Copy link
Contributor

lumaxis commented Dec 14, 2021

By the way, If that's the issue, how can I check if it's true?

Using a different network/a different ISP for example can help narrow this down. If you can tether through your phone and that supports IPv6 as well, it might yield different results.

@lumaxis
Copy link
Contributor

lumaxis commented Dec 14, 2021

I asked for people in my country to see if they have the same problem: image

This unfortunately does not tell us anything, visiting an IP address directly in the browser will not work due to SSL reasons but your screenshot seems to suggest that the other user is at the very least able to connect to the IP address, even if it results in an (expected) certificate mismatch.

We have also run a RIPE measurement that does not show any systemic issues connecting to npm from Brazil: https://atlas.ripe.net/measurements/34456285/

@lumaxis
Copy link
Contributor

lumaxis commented Dec 14, 2021

As I think we're confident that there is no issue with npm's DNS records, I'm going to close this issue.

@lumaxis lumaxis closed this as completed Dec 14, 2021
@shakori999
Copy link

hay guys I had the same issue just when i run docker, if any one find the solution pls let me know

@Qix-
Copy link

Qix- commented Jan 11, 2022

@lumaxis upgrading to the latest npm, I am definitely broken. npm is attempting to connect to the registry over ipv6 and the connection is getting a ECONNREFUSED error.

$ dig aaaa registry.npmjs.org
   -- snip --
registry.npmjs.org.     265     IN      AAAA    2606:4700::6810:1223
   -- snip --

$ env 'DEBUG=*' npm -d -d ping
npm info using npm@8.3.0
npm info using node@v17.3.1
npm timing npm:load:whichnode Completed in 1ms
npm timing config:load:defaults Completed in 1ms
npm timing config:load:file:/usr/local/lib/node_modules/npm/npmrc Completed in 1ms
npm timing config:load:builtin Completed in 1ms
npm timing config:load:cli Completed in 3ms
npm timing config:load:env Completed in 0ms
npm timing config:load:file:/src/qix-/umbrel-auth/.npmrc Completed in 3ms
npm timing config:load:project Completed in 4ms
npm timing config:load:file:/home/anonymous/.npmrc Completed in 1ms
npm timing config:load:user Completed in 1ms
npm timing config:load:file:/usr/local/etc/npmrc Completed in 0ms
npm timing config:load:global Completed in 0ms
npm timing config:load:validate Completed in 1ms
npm timing config:load:credentials Completed in 1ms
npm timing config:load:setEnvs Completed in 1ms
npm timing config:load Completed in 13ms
npm timing npm:load:configload Completed in 13ms
npm timing npm:load:setTitle Completed in 0ms
npm timing config:load:flatten Completed in 2ms
npm timing npm:load:display Completed in 9ms
npm timing npm:load:logFile Completed in 5ms
npm timing npm:load:timers Completed in 0ms
npm timing npm:load:configScope Completed in 0ms
npm timing npm:load Completed in 30ms
npm notice PING http://registry.npmjs.org/
  agentkeepalive sock[0#registry.npmjs.org:80:] create, timeout 300001ms +0ms
  agentkeepalive sock[0#registry.npmjs.org:80:](requests: 1, finished: 0) error: Error: connect ECONNREFUSED 2606:4700::6810:1223:80
    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1157:16) {
  errno: -111,
  code: 'ECONNREFUSED',
  syscall: 'connect',
  address: '2606:4700::6810:1223',
  port: 80
}, listenerCount: 2 +21s
  agentkeepalive sock[0#registry.npmjs.org:80:](requests: 1, finished: 0) close, isError: true +2ms

Forcing node to list ipv4 first fixes this, but this is an issue of registry.npmjs.org returning AAAA records when it doesn't have any support for ipv6. Please remove the records.


You can work around this if you're facing this issue:

node --dns-result-order=ipv4first "$(which npm)"
# or simply
alias npm="node --dns-result-order=ipv4first $(which npm)"

For example:

$ env 'DEBUG=*' node --dns-result-order=ipv4first "$(which npm)" -d -d ping
npm info using npm@8.3.0
npm info using node@v17.3.1
npm timing npm:load:whichnode Completed in 0ms
npm timing config:load:defaults Completed in 1ms
npm timing config:load:file:/usr/local/lib/node_modules/npm/npmrc Completed in 1ms
npm timing config:load:builtin Completed in 1ms
npm timing config:load:cli Completed in 3ms
npm timing config:load:env Completed in 0ms
npm timing config:load:file:/src/qix-/umbrel-auth/.npmrc Completed in 3ms
npm timing config:load:project Completed in 4ms
npm timing config:load:file:/home/anonymous/.npmrc Completed in 1ms
npm timing config:load:user Completed in 1ms
npm timing config:load:file:/usr/local/etc/npmrc Completed in 0ms
npm timing config:load:global Completed in 0ms
npm timing config:load:validate Completed in 1ms
npm timing config:load:credentials Completed in 1ms
npm timing config:load:setEnvs Completed in 0ms
npm timing config:load Completed in 13ms
npm timing npm:load:configload Completed in 13ms
npm timing npm:load:setTitle Completed in 0ms
npm timing config:load:flatten Completed in 2ms
npm timing npm:load:display Completed in 10ms
npm timing npm:load:logFile Completed in 5ms
npm timing npm:load:timers Completed in 0ms
npm timing npm:load:configScope Completed in 0ms
npm timing npm:load Completed in 31ms
npm notice PING http://registry.npmjs.org/
  agentkeepalive sock[0#registry.npmjs.org:80:] create, timeout 300001ms +0ms
  agentkeepalive sock[0#registry.npmjs.org:80:](requests: 1, finished: 1) free +88ms
  agentkeepalive sock[0#registry.npmjs.org:443::::::::true:::::::::::::] create, timeout 300001ms +64ms
  agentkeepalive sock[0#registry.npmjs.org:443::::::::true:::::::::::::](requests: 1, finished: 1) free +313ms
npm notice PONG 487ms
npm timing command:ping Completed in 487ms
npm timing npm Completed in 647ms
npm info ok

Please re-open this issue.

@lumaxis
Copy link
Contributor

lumaxis commented Jan 11, 2022

@Qix- The DNS record is definitely valid and this IP address is correct and does belong to npmjs.org. It seems like your ISP or somewhere in between has issues routing to our IP address, please reach out to them to fix this issue.

As you can see on https://atlas.ripe.net/measurements/34781715/#probes, the vast majority of providers can reach the IP address without issues.

@Qix-
Copy link

Qix- commented Jan 11, 2022

The DNS record is definitely valid and this IP address is correct and does belong to npmjs.org.

I'm not arguing that.

It seems like your ISP or somewhere in between has issues routing to our IP address, please reach out to them to fix this issue

Kind of strange that Telekom, Europe's biggest ISP, isn't routing to your servers correctly.

Note that ECONNREFUSED means that the route was found, but a connection was refused by the receiver. So either your servers are refusing connections on port 80, my ISP is intercepting the connection and blocking it, or there is some OS-related issue with IPv6.

Either way, there is no way to configure npm to force ipv4 resolution, and thus my local ecosystem is entirely broken. I realize this is a Node thing, but there is no permanent workaround. There is nothing I, as a user, can do to fix npm in a way that works with scripts and the rest of the ecosystem (alias does not permeate scripts like it should).

The only viable workaround is to manually manhandle the npm on the path to add the DNS configuration. This is a hack, and I imagine quite a few people are going to run into this in ways where this is not viable.

NPM has four options here:

  • Bug the Node folks to revert the DNS resolution ordering back to ipv4first by default
  • Somehow invoke Node with ipv4first or manually resolve the registry domain using ipv4 to begin with
  • Stop broadcasting AAAA records for the registry until this is fixed
  • Add a configuration option in npm to force IPv4.

Either way, the combination of node/npm moving to ipv6 first has broken people in ways they cannot just simply fix, besides perhaps completely disabling IPv6 on their systems - which helps absolutely nobody and works against the IPv6 adoption efforts clearly in motion. "Contact your ISP" is not valid support advice, sorry.

@lumaxis
Copy link
Contributor

lumaxis commented Jan 11, 2022

Kind of strange that Telekom, Europe's biggest ISP, isn't routing to your servers correctly.

Wouldn't be the craziest thing I've seen them do but it does seem unusual. There's of course other hops in between that could be the culprit. Have you tried to see what e.g. the output of a traceroute6 looks like?

Note that ECONNREFUSED means that the route was found, but a connection was refused by the receiver. So either your servers are refusing connections on port 80, my ISP is intercepting the connection and blocking it, or there is some OS-related issue with IPv6.

I can't speak to the latter two options but I can connect to 2606:4700::6810:1223 on port 80 just fine from my machine so it's not a general issue:

❯ curl -v -6 http://registry.npmjs.org --resolve registry.npmjs.org:80:2606:4700::6810:1223
* Added registry.npmjs.org:80:2606:4700::6810:1223 to DNS cache
* Hostname registry.npmjs.org was found in DNS cache
*   Trying 2606:4700::6810:1223:80...
* Connected to registry.npmjs.org (2606:4700::6810:1223) port 80 (#0)

Even though it is weird that env 'DEBUG=*' npm -d -d ping is attempting to connect via HTTP in the first place, it uses HTTPS when I run it with the same Node and npm version combination:

❯ env 'DEBUG=*' npm -d -d ping
npm info using npm@8.3.0
npm info using node@v17.3.1
npm timing npm:load:whichnode Completed in 0ms
npm timing config:load:defaults Completed in 1ms
npm timing config:load:file:/Users/lukas/.fnm/node-versions/v17.3.1/installation/lib/node_modules/npm/npmrc Completed in 0ms
npm timing config:load:builtin Completed in 0ms
npm timing config:load:cli Completed in 1ms
npm timing config:load:env Completed in 0ms
npm timing config:load:project Completed in 1ms
npm timing config:load:file:/Users/lukas/.npmrc Completed in 1ms
npm timing config:load:user Completed in 1ms
npm timing config:load:file:/Users/lukas/.fnm/node-versions/v17.3.1/installation/etc/npmrc Completed in 0ms
npm timing config:load:global Completed in 0ms
npm timing config:load:validate Completed in 0ms
npm timing config:load:credentials Completed in 0ms
npm timing config:load:setEnvs Completed in 0ms
npm timing config:load Completed in 5ms
npm timing npm:load:configload Completed in 6ms
npm timing npm:load:setTitle Completed in 5ms
npm timing config:load:flatten Completed in 1ms
npm timing npm:load:display Completed in 3ms
npm timing npm:load:logFile Completed in 2ms
npm timing npm:load:timers Completed in 0ms
npm timing npm:load:configScope Completed in 0ms
npm timing npm:load Completed in 16ms
npm notice PING https://registry.npmjs.org/
  agentkeepalive sock[0#registry.npmjs.org:443::::::::true:::::::::::::] create, timeout 300001ms +0ms
  agentkeepalive sock[0#registry.npmjs.org:443::::::::true:::::::::::::](requests: 1, finished: 1) free +395ms
npm notice PONG 452ms
npm timing command:ping Completed in 453ms
npm timing npm Completed in 517ms
npm info ok

Have you by any chance also double checked whether one of the various npm config files that are loaded might be overriding the registry address and if that could be interfering with your connection?

@doojin
Copy link

doojin commented Aug 10, 2022

@treysis not sure what happened, but the issue is gone:

ping -6 www.google.com
PING www.google.com(2800:3f0:4001:82f::2004 (2800:3f0:4001:82f::2004)) 56 data bytes
64 bytes from 2800:3f0:4001:82f::2004 (2800:3f0:4001:82f::2004): icmp_seq=1 ttl=56 time=16.7 ms
64 bytes from 2800:3f0:4001:82f::2004 (2800:3f0:4001:82f::2004): icmp_seq=2 ttl=56 time=17.7 ms
64 bytes from 2800:3f0:4001:82f::2004 (2800:3f0:4001:82f::2004): icmp_seq=3 ttl=56 time=16.3 ms
64 bytes from 2800:3f0:4001:82f::2004 (2800:3f0:4001:82f::2004): icmp_seq=4 ttl=56 time=16.4 ms
64 bytes from 2800:3f0:4001:82f::2004 (2800:3f0:4001:82f::2004): icmp_seq=5 ttl=56 time=20.0 ms
64 bytes from 2800:3f0:4001:82f::2004 (2800:3f0:4001:82f::2004): icmp_seq=6 ttl=56 time=18.3 ms
node --version
v18.7.0
npm install --save express

added 57 packages, and audited 58 packages in 2s

7 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

This is through my router's Wifi. With /etc/gai.conf being completely reverted to initial state.

P.S. We had a strong storm in our region -> causing electricity to disappear a couple of times -> causing the router to be restarted a couple of times. Maybe there is a relation :D

@treysis
Copy link

treysis commented Aug 10, 2022

Maybe, who knows :) Glad it got sorted out and hopefully you learned some things.

@dhenson02
Copy link

@ExperiBass Uncomment precedence ::ffff:0:0/96 100 in /etc/gai.conf. Node uses getaddrinfo (presumably supplied from libuv) and that in turn reads from /etc/gai.conf when performing resolutions. By default, IPv6 is prioritized, and since IPv6 is broken on WSL or Windows (or both) telling getaddrinfo to use ipv4 over ipv6 fixed it for me.

Hope that helps. NPM won't solve this.

absolutely the best advice ive found all night.

immediately solved.

still a little curious why logging in as root and running the same thing worked

thanks a bunch tho

@treysis
Copy link

treysis commented Dec 24, 2022

@dhenson02 IPv6 isn't broken in WSL. Works out of the box. In WSL2 it's a bit difficult to set up, though. However, it shoudn't return IPv6 address first if there is no valid route. I think it's a different problem. Would be worth checking, actually.

@dhenson02
Copy link

I'm in Ubuntu.

Also I was talking about having a different route chosen based on my user login. Doesn't seem relevant to networking.

@treysis
Copy link

treysis commented Dec 24, 2022

Shouldn't have relevance, yes. So yeah, seems weird.

@tfwright
Copy link

tfwright commented Feb 5, 2023

#4163 (comment)

This finally resolved this issue for me after many hours. 🙏

@HennoVermeulen
Copy link

HennoVermeulen commented Feb 24, 2023

This may sound silly, but I hope it saves someone else from googling an hour to solve this issue (like I did...). I had the exact same ETIMEDOUT behavior and reproduced it consistently with npm ping (trying to connect to 2606:4700::6810:1723:443). It was immediately solved after I reconnected my wifi.

@holisticode
Copy link

I first disabled ipv6 via sysctl on the interface used, then applied

#4163 (comment)

It works now. However, this can't be the solution. It's not cool that I have to change my local os-level configuration just because node can't handle ipv6 correctly.

Now, if I understand right, this is not an npm issue but a node one. Since I found the (temporary) solution here though, I respectfully ask here where I should report this. Because it surely looks like a bug to me. And wherever it actually is, I want to report it.

@markojak
Copy link

markojak commented Apr 28, 2023

I'm so glad I found this issue because I have been experiencing this for a few days now. Here's the gist of it

Versions earlier to lts/hydrogen do not seem to have this problem.
In order to fix this I downgraded from 18.16.0 (LTS) to (16.20.0) LTS

  1. npm ping doesn't work (yarn / pnpm nothing) when reaching https://registry.npmjs.org
  2. curl works (see below)
  3. No firewall, no proxy set - All configurations deleted, purged and then reinstalled clean node version through nvm
  4. Laptop sitting next to me works

The only way I can update npm or install packages is through activating a VPN on my laptop
MacOS 13.3.1 (22E261)
npm info using npm@9.5.1
npm info using node@v18.16.0

Go figure...

*   Trying [2606:4700::6810:1523]:443...
*   Trying 104.16.25.35:443...
* Connected to registry.npmjs.org (104.16.25.35) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Client hello (1):
* [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Server hello (2):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Certificate (11):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Server finished (14):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS handshake, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Jul 18 00:00:00 2022 GMT
*  expire date: Jul 18 23:59:59 2023 GMT
*  subjectAltName: host "registry.npmjs.org" matched cert's "*.npmjs.org"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: registry.npmjs.org]
* h2h3 [user-agent: curl/7.87.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x14280bc00)
> GET / HTTP/2
> Host: registry.npmjs.org
> user-agent: curl/7.87.0
> accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
< date: Fri, 28 Apr 2023 19:10:51 GMT
< content-type: application/json
< cf-ray: 7bf19b961da32d4a-DFW
< cache-control: must-revalidate
< strict-transport-security: max-age=2592000000; includeSubDomains; preload;
< vary: Accept-Encoding
< cf-cache-status: DYNAMIC
< server: cloudflare
<
* Connection #0 to host registry.npmjs.org left intact
{"db_name":"registry","engine":"couch_bt_engine","doc_count":4529074,"doc_del_count":332,"update_seq":38337233,"purge_seq":0,"compact_running":false,"sizes":{"active":106498581529,"external":247523173893,"file":108602736880},"disk_size":108602736880,"data_size":106498581529,"other":{"data_size":247523173893},"instance_start_time":"1682584982583917","disk_format_version":7,"committed_update_seq":38337233,"compacted_seq":38302908,"uuid":"3a4ad341a4111dd254daa731f37b37ae"}%

@Megapixel99
Copy link

You can work around this if you're facing this issue:

node --dns-result-order=ipv4first "$(which npm)"
# or simply
alias npm="node --dns-result-order=ipv4first $(which npm)"

from: #4163 (comment)
The above workaround fixed the issue for me (for what its worth). This issue only started happening to me after I changed my ISP (since I moved to a different state). Unsure if the issue is related to changing my ISP but some comments implied it could cause this...

ajpauwels added a commit to pauwels-labs/redact-feed-ui that referenced this issue Apr 30, 2023
@AmadeusStargazer
Copy link

@markojak Yep I had to do exactly this as well, thanks for your comment. On NodeJS version 18.16.0 my terminal would constantly hang on sill idealtree buildDeps and never proceed from there.

I ran a traceroute and this is what I got back:

C:\WINDOWS\system32>tracert registry.npmjs.org

Tracing route to registry.npmjs.org [2606:4700::6810:1123]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms 2603-8080-8700-b2fe-0000-0000-0000-0001.res6.spectrum.com [2603:8080:8700:b2fe::1]
2 12 ms 14 ms 10 ms 2603-90c5-0003-009a-0000-0000-0000-0001.inf6.spectrum.com [2603:90c5:3:9a::1]
3 10 ms 16 ms 9 ms lag-63.elpttxha01h.netops.charter.com [2605:6000:0:4::e:6161]
4 12 ms 12 ms 10 ms lag-24.elpttxha01r.netops.charter.com [2605:6000:0:4::6:112]
5 * * * Request timed out.
6 * * 24 ms lag-24.dllstx976iw-bcr00.netops.charter.com [2001:1998:0:4::526]
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

C:\WINDOWS\system32>

After seeing your comment I downgraded to 16.20 LTS and now everything is working just fine again. Seems to be some sort of IPv6 issue since Node version prior to 17 give precedence to IPv4 instead of IPv6. Until things get sorted out I guess I'm stuck on v16 for the time being.

@markojak
Copy link

Yeah this is a major problem for me and it started a few days ago, Eventually I tracked the problem down to ipv6 being enabled on my Router

Since npm does not have a configuration flag to enable ipv4 only I decided to disable ipv6 entirely on my network. This has "fixed" things

I can categorically say that Node 18 onwards does not work with some ISP IPv6 configurations. Since it would be near impossible to debug this with an ISP I would think the fix should be applied on Nodejs side / npm configuration

@treysis
Copy link

treysis commented May 1, 2023

As this is a routing problem on ISP side, it definitely should be fixed by the ISP. A normal ISP should look into routing-related problems if made aware by its clients.

@SpencerKaiser
Copy link

@lumaxis any chance you can shed more light on the above? I've only ever had issues with this recently (and it seems several others are in that boat).

Re: your comment above about trying different networks, I can resolve the domain from phone's connection via a tether but not through my ISP. I've tried 3 different DNS providers and none can resolve when I try curl -6 https://registry.npmjs.org

@lumaxis
Copy link
Contributor

lumaxis commented May 2, 2023

I don't work on the npm team directly anymore but in general, possible issues with IPv6 can be manifold. All objective measurements indicate that this is not widespread issue with npm's DNS records or published routes.

From what I've read in earlier comments here, this is most likely not a DNS issue but rather a problem with a user's IPv6 setup or the routing with the ISP. You can also reach out to https://www.npmjs.com/support for help with a specific issue or try your ISP's tech support if everything looks good on e.g. https://ipv6-test.com.

@markojak
Copy link

markojak commented May 2, 2023

I agree entirely @lumaxis but if the issue is widespread enough it might make sense to just built in IPv6 AND IPv4 Routing into "npm doctor" or "npm ping" so that when a user is debugging they can immediately understand where their issues is.

This would be my design suggestion for the npm team.

@lumaxis
Copy link
Contributor

lumaxis commented May 2, 2023

@markojak That sounds like a reasonable idea to me and would probably be useful 👍🏼
Could you open a new issue here with the suggestion so the CLI team can consider it?

@SpencerKaiser
Copy link

Also I might be misunderstanding, but is there a reason there isn't some sort of fallback to ipv4 if ipv6 fails?

@markojak
Copy link

markojak commented May 2, 2023

I posted it. Feel free to add comments and upvote on the issue

@SpencerKaiser Yeah I agree it would be nice for a fallback but failing that even just enhanced debugging will be very helpful
It would have saved me more than a day of debugging time.

Also there are literally ZERO online resources to help with this.
I found this issue by accident and that led me to investigate IPv6 connectivity.

The thing is that it's easy to assume that npm is making an IPv4 connection so you don't know to check "curl -6" and then when you run curl you get an appropriate response so then it's a "wtf" kinda situation

@treysis
Copy link

treysis commented May 2, 2023

but is there a reason there isn't some sort of fallback to ipv4 if ipv6 fails?

Yes, because Happy Eyeballs isn't really available by default in Node as of now. Node v19 makes a huge step forward by giving a global configuration option. This will hopefully be available from Node v20, but I haven't checked the current progress.

@SpencerKaiser
Copy link

It would have saved me more than a day of debugging time.

@markojak same.............. I literally opened a PR against corepack to help others that got stuck because the error is arguably harder to debug when it's obfuscated through another cli (corepack -> yarn -> yarn command that failed).

Also there are literally ZERO online resources to help with this.
I found this issue by accident and that led me to investigate IPv6 connectivity.

SAME. There are an absurd amount of threads all over the place but NONE are helpful. The only other thread I found that had anything meaningful was this one and specifically this comment that helped me realize the issue was ipv6.

The thing is that it's easy to assume that npm is making an IPv4 connection so you don't know to check "curl -6" and then when you run curl you get an appropriate response so then it's a "wtf" kinda situation

Just made another corepack PR to address this; hopefully the same can be done here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug thing that needs fixing Needs Triage needs review for next steps Release 8.x work is associated with a specific npm 8 release
Projects
None yet
Development

No branches or pull requests